El Sun, 11 Aug 2024 07:28:08 +0000 Edward Toroshchyn <edward.toroshchyn@pm.me> escribió:
All,
I would like to defend Python a little bit here.
On Sunday, August 11th, 2024 at 02:48, David C. Rankin <drankinatty@gmail.com> wrote:
I hate that insecure python software supply-chain.
In my opinion, it is the responsibility of the system administrator to avoid installing software other than by using the package manager. Using `pip install` is only one such installation method; one could have also just unpacked an archive into /usr/bin, or created their own shell script there -- all with the same result, but none of the Python's fault.
Arguably, Python should not even offer this option. However, at the time Python was created, this was pretty much normal behaviour (e.g. Perl and Tex package managers would eagerly install packages globally), and removing it now would probably be extremely tedious. However, Python already improves on that by allowing to mark an environment as "externally managed"[1], which is what the error message is about.
Finally, if you would like to find all files that are not installed by Pacman, consider trying lostfiles[2].
Best regards, -- Edward
[1] https://packaging.python.org/en/latest/specifications/externally-managed-env... [2] https://archlinux.org/packages/extra/any/lostfiles/
I don't like python too much, but in this case Edward Toroshchyn is right. Normally I only install python packages with pacman when they are dependencies of antoher program. When it's a isolate Python applications I use the wonderful virtual enviorement of Python. The correct way is to create a virtual enviorment in a user space create the variables in a .bashrc o whatever you use like shell. I recommend pipx for all that because is a very power tool.